extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-02-16 10:19:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

limits on shares (#96)

Browse Source
This commit is contained in:
Michael Quigley 2023-01-13 10:34:21 -05:00
parent a9507f7d9d
commit e6932d67f2
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
2 changed files with 32 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
controller/controller.go
View File

@ -45,7 +45,7 @@ func Run(inCfg *Config) error {
api.MetadataOverviewHandler = metadata.OverviewHandlerFunc(overviewHandler)
api.MetadataVersionHandler = metadata.VersionHandlerFunc(versionHandler)
api.ShareAccessHandler = newAccessHandler()
api.ShareShareHandler = newShareHandler()
api.ShareShareHandler = newShareHandler(cfg.Limits)
api.ShareUnaccessHandler = newUnaccessHandler()
api.ShareUnshareHandler = newUnshareHandler()
api.ShareUpdateShareHandler = newUpdateShareHandler()

35
controller/share.go
View File

@ -2,16 +2,20 @@ package controller
import (
"github.com/go-openapi/runtime/middleware"
"github.com/jmoiron/sqlx"
"github.com/openziti-test-kitchen/zrok/controller/store"
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/share"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
type shareHandler struct{}
type shareHandler struct {
cfg *LimitsConfig
}
func newShareHandler() *shareHandler {
return &shareHandler{}
func newShareHandler(cfg *LimitsConfig) *shareHandler {
return &shareHandler{cfg: cfg}
}
func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zrok.Principal) middleware.Responder {
@ -26,7 +30,8 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
envZId := params.Body.EnvZID
envId := 0
if envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx); err == nil {
envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx)
if err == nil {
found := false
for _, env := range envs {
if env.ZId == envZId {
@ -45,6 +50,11 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
return share.NewShareInternalServerError()
}
if err := h.checkLimits(principal, envs, tx); err != nil {
logrus.Errorf("limits error: %v", err)
return share.NewShareUnauthorized()
}
edge, err := edgeClient()
if err != nil {
logrus.Error(err)
@ -131,3 +141,20 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
ShrToken: shrToken,
})
}
func (h *shareHandler) checkLimits(principal *rest_model_zrok.Principal, envs []*store.Environment, tx *sqlx.Tx) error {
if h.cfg.Shares > Unlimited {
total := 0
for i := range envs {
shrs, err := str.FindSharesForEnvironment(envs[i].Id, tx)
if err != nil {
return errors.Errorf("unable to find shares for environment '%v': %v", envs[i].ZId, err)
}
total += len(shrs)
if total+1 > h.cfg.Shares {
return errors.Errorf("would exceed shares limit of %d for '%v'", h.cfg.Shares, principal.Email)
}
}
}
return nil
}